CN103295131B - A kind of conditional electronic payment system possessing transferability - Google Patents
A kind of conditional electronic payment system possessing transferability Download PDFInfo
- Publication number
- CN103295131B CN103295131B CN201310272889.4A CN201310272889A CN103295131B CN 103295131 B CN103295131 B CN 103295131B CN 201310272889 A CN201310272889 A CN 201310272889A CN 103295131 B CN103295131 B CN 103295131B
- Authority
- CN
- China
- Prior art keywords
- currency
- payment
- dual
- agreement
- bank
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses a kind of conditional electronic payment system possessing transferability, there is payment platform, bank, a requestee, described payer account, and at least one payee, it is characterised in that comprise the following steps: (1) pays and generates;(2) conditional jump;(3) user's registration;(4) additional transfer;(5) payment is cashed;(6) dual disburser is identified.The present invention has the beneficial effects that, does not both need the segmentation selection technique of poor efficiency constructed by the present invention, it is not required that complicated knowledge probative agreement, also eliminates demand in all conditions agreement of transfer, bank is online at any time simultaneously.And the conditional electronic payment system of the present invention possesses assignability, the further transaction currency that a series of payee can be anonymous can be made.
Description
Technical field
The present invention relates to E-Payment field, be specifically related to a kind of conditional electronic payment system possessing transferability.
Background technology
The E-Payment prototype (or electronic cash prototype) proposed by Chaum, it may be said that be one of most important application of contemporary cryptology.After it proposes, between nearly 30 years, substantial amounts of research work is all complete.Having two kinds of electronic cash Scheme is online and off-line respectively.Online electronic cash Scheme provides good solution can to the most thorny issue in electronic cash Scheme, for instance dual payment problem.But, it needs payee will contact with bank when transaction every time, and this is accomplished by bank any time will be online.It is to say, bank will become the bottleneck of this system development soon.Therefore, the scheme of off-line has more captivation when building electronic cash system.
Shi et al. first proposed a kind of new prototype and is called that conditional electronic pays.Compared with traditional electronic payment schemes, conditional electronic pays when meeting the public conditions necessarily decided through consultation, the electronic money that user will be allowed to issue with anonymous way cashing bank in certain time in the future.In addition, the electronic money in conditional payoff system in process of exchange not identity with payee bind mutually, in whole process, therefore just protect the anonymity of payee.Conditional electronic pays and is all highly profitable in substantial amounts of application, for instance market prediction, anonymous stake and securities trading on the net.
Shi et al. proposes the complete framework that conditional electronic pays simultaneously.But, select agreement and Secret sharing techniques owing to employing segmentation, the normally low effect of program right and wrong.Additionally, condition trade agreement needs the participation of bank.Although Carbunar proposes the offline versions that the conditional electronic based on Oblivious Transfer technology pays subsequently, it still uses the segmentation of poor efficiency to select agreement and Secret sharing techniques.
Blanton based on CL signature propose a kind of improvement conditional electronic pay (possessing transferability).This is a kind of off-line scheme, and does not use segmentation to select agreement.Therefore there is relatively low amount of calculation and traffic load.But, owing to employing CL signature, he needs the zero-knowledge proof of some complexity.A kind of effective structure looking for conditional electronic payment (possessing transferability) remains an interesting problem.
Summary of the invention
In view of the deficiencies in the prior art, it is contemplated that in providing a kind of efficient conditional electronic payment system.
To achieve these goals, the technical solution used in the present invention is as follows:
A kind of conditional electronic payment system possessing transferability, has payment platform, bank, a requestee, described payer account, and at least one payee, comprises the following steps:
(1) generation is paid, wherein, when described requestee wishes to extract a currency to described bank, described requestee need prove the proprietary rights of described payer account, and consulting a public information, by extracting agreement between both sides, final described requestee obtains the currency that bank cashes;
(2) conditional jump, wherein, when described requestee wishes to pay for his currency to described payee;Three randoms number generated by payee between both sides and Given information, carried out computing and Bilinear map checking, be verified rear payee and namely accept the currency that requestee sends.
(3) user's registration, the interaction protocol between and described bank.Wherein, described bank generates a restricted Partial Blind Signature to a concrete information, and this agreement is essentially identical with step (1) agreement, and the real value according to specifically electronic money is 0.Finally, it is thus achieved that effective certificate coin is as his representative;
(4) additional transfer, shifts a currency when hope and gives, and by three randoms number generated and Given information between both sides, carries out certain computing and Bilinear map checking, namely accepts the currency of transfer after being verified;
(5) cashing payment, beneficiary according to step (4) result sends currency to described bank;
(6) identifying dual disburser, dual memory or dual payment detect in described bank.
It should be noted that the public information consulted in described step (3) is.
The present invention has the beneficial effects that, does not both need the segmentation selection technique of poor efficiency constructed by the present invention, it is not required that complicated knowledge probative agreement, also eliminates demand in all conditions agreement of transfer, bank is online at any time simultaneously.And the conditional electronic payment system of the present invention possesses assignability, the further transaction currency that a series of payee can be anonymous can be made.
Detailed description of the invention
Below in conjunction with embodiment, the invention will be further described.
A kind of conditional electronic payment system possessing transferability, has payment platform, bank, a requestee, described payer account, and at least one payee, comprises the following steps:
(1) generation is paid, wherein, when described requestee wishes to extract a currency to described bank, described requestee need prove the proprietary rights of described payer account, and consulting a public information, by extracting agreement between both sides, final described requestee obtains the currency that bank cashes;
(2) conditional jump, wherein, when described requestee wishes to pay for his currency to described payee;Three randoms number generated by payee between both sides and Given information, carried out computing and Bilinear map checking, be verified rear payee and namely accept the currency that requestee sends.
(3) user's registration, the interaction protocol between and described bank.Wherein, described bank generates a restricted Partial Blind Signature to a concrete information, and this agreement is essentially identical with step (1) agreement, and the real value according to specifically electronic money is 0.Finally, it is thus achieved that effective certificate coin is as his representative;
(4) additional transfer, shifts a currency when hope and gives, and by three randoms number generated and Given information between both sides, carries out certain computing and Bilinear map checking, namely accepts the currency of transfer after being verified;
(5) cashing payment, beneficiary according to step (4) result sends currency to described bank;
(6) identifying dual disburser, dual memory or dual payment detect in described bank.
It should be noted that the public information consulted in described step (3) is.
In order to be better understood from the present invention, below in conjunction with embodiment, the invention will be further described:
1, generation is paid: when U wishes to extract a currency, he first has to prove account proprietary rights, and consults a public information c.For this, the extraction agreement between U and B is:
(1) B generates a random number r ∈RΖq, and send z=(Ig2)rx, b=(Ig2)r, and a=yrTo U.
(2) U checks e (z, g)=e (b, y)=e (Ig2, a) whether set up.If equation is false, it will termination protocol.If setting up, U generates a series of random number α, λ, x1,x2,μ∈RΖq, calculate A=(Ig simultaneously2)α, z'=zαλ, b'=bαλ, a'=aλ,With Then it sendsTo B.
(3) B feeds back to UThen U calculatesIf Then (A, B, c, (z', b', a', σ)) is exactly the U effective money knowing expression.
2, conditional jump: when U wishes to pay for his currency (A, B, c, (z', b', a', σ)) to S1, following agreement will be performed:
(1) S1Generate three random number α1,β1,γ1∈RΖq, then send To U.
(2) d=H is made1(A,B,A1,B1), U calculates r1=d (μ0α)+x1Modq, r2=d α+x2Modq, then sends (A, B, c, (z', b', a', σ), r1,VEDL(r2)) to S1。
(3) S1Accepting currency, and if only if: A ≠ 1, e (z', g)=e (b', y)=e (A, a'), And VEDL (r2) it is r2An encryption that effectively can verify that.
When the unfavorable result of event, U can with self participate in above-mentioned condition agreement of transfer.Same, U can pay in cash.
3, user's registration a: SiAnd the interaction protocol between B.As a result, B generates a restricted Partial Blind Signature to a concrete informationIt is almost the same that this agreement generates agreement with payment.Only difference is that common information is c*Rather than c, say, that the real value of electronic money is 0.Finally, SiObtain an effective certificate coin (Ai,Bi,c*,(zi',bi',ai',σi)) as his representative.
4, additional transfer: work as SiWish that one currency of transfer is to Si+1(1≤i≤n-1), following agreement will be performed:
(1) Si+1Generate three random number αi+1, βi+1, γi+1∈RΖqAnd send To Si。
(2) d is madei=H1(Ai,Bi,Ai+1,Bi+1), U calculates τi=di(uiαi)+βiModq, vi=diαi+γiModq, and send (A, B, c, (z', b', a', σ), r1,VEDL(r2)) and (Aj,Bj,c*,(z'j,b'j,a'j,σj),τj,vj) (1≤j≤i) to Si+1.It is to say, transfer additional each time is by interpolation (Aj,Bj,c*,(z'j,b'j,a'j,σj),τj,vj) (1≤j≤i) information is to currency.
(3) Si+1Accept currency, and if only if A ≠ 1, e (z', g)=e (b', y)=e (A, a'), VEDL(r2) it is r2An encryption that effectively can verify that, and Aj≠ 1, e (z'j, g)=e (b'j, y)=e (Aj,a'j),
When event ideal occurs, SnSend VEDL (r2If) to T. VEDL (r2) it is effective, T calculating and sending send r2To Sn.Finally.SnStorage (A, B, c, (z', b', a', σ), r1,r2), (Aj,Bj,c*,(z'j,b'j,a'j,σj),τj,vj) (1≤j≤n-1) and (An,Bn) as the currency that can cash.
5, payment is cashed: beneficiary Si(1≤i≤n) sends currency (A, B, c, (z', b', a', σ), r1,r2), (Aj,Bj,c*,(z'j,b'j,a'j,σj),τj,vj) (1≤j≤n-1) and (αi,βi,γi) to B.If SkAnd Sl(k < l) has all cashed payment, and B just can track dual payer Sk。
For SiThe currency provided, B first checks for the effectiveness of currency.If being verified all, then he search for deposit data base to search whether that A was stored.If be not stored before A, B is just (A, c, d, r1,r2), (Aj,c*,dj,τj,vj) (1≤j≤i-1) and αiStorage is in data base, and is attributed to SiAccount in;Otherwise, B just calls the dual disburser's algorithm of identification.
6, identify that dual disburser: B can detect dual memory or dual payment by the following method:
(1) two different five-tuple (A, c, d, r are utilized1,r2) and (A, c, d', r1',r2'), B can calculate u0=(r1-r1')/(r2-r2') modq follow the trail of dual disburser U.In this case, B also is understood that U first time extracts currency.
(2) two different five-tuple (A are utilizedj,c*,dj,τj,vj) and (Aj,c*,d'j,τ'j,v'j), B can calculate uj=(τj-τ'j)/(vj-v'j) modq follow the trail of dual disburser Sj。
(3) making l < n-1 is maximum index, all Aj(1≤j≤l) has stored in data base.Utilize two different five-tuple (Al,c*,dl,τl,vl) and (Ak,c*,dk,τk,vk), B can verify misdeed in the following manner:
If k < l, B can be inferred that Sk+1Attempting the payment that twice storage is identical, therefore he will refuse Sk+1Request;
If k > l, B can be inferred that Sl+1It is a dual disburser, because in this case, it is meant that same payment is both by Sl+1Cash, transferred the possession of by it again.Utilize Al+1And al+1Information, B can calculate Sl+1Accounts information:
For a person skilled in the art, can technical scheme as described above and design, make other various corresponding changes and deformation, and all these change and deformation all should belong within the protection domain of the claims in the present invention.
Claims (2)
1. possess a conditional electronic payment system for transferability, there is payment platform, bank, a requestee, described payer account, and at least one payee Si, it is characterised in that comprise the following steps:
(1) generation is paid, wherein, when described requestee wishes to extract a currency to described bank, described requestee need prove the proprietary rights of described payer account, and consulting a public information c, by extracting agreement between both sides, final described requestee obtains the currency that bank cashes;
1.1B generates a random number r ∈RΖq, and send z=(Ig2)rx, b=(Ig2)r, and a=yrTo U;
1.2U checks e (z, g)=e (b, y)=e (Ig2, a) whether set up;If equation is false, it will termination protocol;If setting up, U generates a series of random number α, λ, x1,x2,μ∈RΖq, calculate A=(Ig simultaneously2)α, z'=zαλ, b'=bαλ, a'=aλ,WithThen it sendsTo B;
1.3B feeds back to UThen U calculatesIfThen (A, B, c, (z', b', a', σ)) is exactly the U effective money knowing expression;
(2) conditional jump, wherein, when described requestee wishes to pay for his currency to described payee;Three randoms number generated by payee between both sides and Given information, carried out computing and Bilinear map checking, be verified rear payee and namely accept the currency that requestee sends;When U wishes to pay for his currency (A, B, c, (z', b', a', σ)) to S1, following agreement will be performed:
2.1S1Generate three random number α1,β1,γ1∈RΖq, then sendTo U;
2.2 make d=H1(A,B,A1,B1), U calculates r1=d (μ0α)+x1Modq, r2=d α+x2Modq, then sendsTo S1;
2.3S1Accepting currency, and if only if: A ≠ 1, e (z', g)=e (b', y)=e (A, a'),And VEDL (r2) it is r2An encryption that effectively can verify that;
(3) user's registration, a SiAnd the interaction protocol between described bank;Wherein, described bank generates a restricted Partial Blind Signature to a concrete information, and this agreement is essentially identical with step (1) agreement, and the real value according to specifically electronic money is 0, finally, and SiObtain the representative as him of the effective certificate coin;Wherein: B generates a restricted Partial Blind Signature to a concrete informationIt is almost the same that this agreement generates agreement with payment;Only difference is that common information is c*Rather than c, say, that the real value of electronic money is 0;Finally, SiObtain an effective certificate coin (Ai,Bi,c*,(z′i,b′i,a′i,σi)) as his representative;
(4) additional transfer, works as SiWish that one currency of transfer is to Si+1(1≤i≤n-1), passes through S between both sidesi+1Three randoms number generated and Given information, carry out certain computing and Bilinear map checking, be verified rear Si+1Namely S is acceptediThe currency of transfer;
4.1Si+1Generate three random number αi+1, βi+1, γi+1∈RΖqAnd sendTo Si;
4.2 make di=H1(Ai,Bi,Ai+1,Bi+1), U calculates τi=di(uiαi)+βiModq, vi=diαi+γiModq, and send(Aj,Bj,c*,(z'j,b'j,a'j,σj),τj,vj) (1≤j≤i) to Si+1;It is to say, transfer additional each time is by interpolation (Aj,Bj,c*,(z'j,b'j,a'j,σj),τj,vj) (1≤j≤i) information is to currency;
4.3Si+1Accept currency, and if only if A ≠ 1, e (z', g)=e (b', y)=e (A, a'),VEDL(r2) it is r2An encryption that effectively can verify that, and Aj≠ 1, e (z'j, g)=e (b'j, y)=e (Aj,a'j),
(5) cashing payment, beneficiary according to step (4) result sends currency to described bank;Wherein: beneficiary Si(1≤i≤n) sends currency (A, B, c, (z', b', a', σ), r1,r2), (Aj,Bj,c*,(z'j,b'j,a'j,σj),τj,vj) (1≤j≤n-1) and (αi,βi,γi) to B;If SkAnd Sl(k < l) has all cashed payment, and B just can track dual payer Sk;
For SiThe currency provided, B first checks for the effectiveness of currency, is verified if all, and then he search for deposit data base to search whether that A was stored;If be not stored before A, B is just (A, c, d, r1,r2), (Aj,c*,dj,τj,vj) (1≤j≤i-1) and αiStorage is in data base, and is attributed to SiAccount in;Otherwise, B just calls the dual disburser's algorithm of identification;
(6)=and identifying dual disburser, dual memory or dual payment detect in described bank;
6.1 utilize two different five-tuple (A, c, d, r1,r2) and (A, c, d', r'1,r′2), B can calculate u0=(r1-r'1)/(r2-r′2) modq follow the trail of dual disburser U, in this case, B also is understood that U first time extracts currency;
6.2 utilize two different five-tuple (Aj,c*,dj,τj,vj) and (Aj,c*,d'j,τ'j,v'j), B can calculate uj=(τj-τ'j)/(vj-v'j) modq follow the trail of dual disburser Sj;
6.3 to make l < n-1 be maximum index, all Aj(1≤j≤l) has stored in data base, utilizes two different five-tuple (Al,c*,dl,τl,vl) and (Ak,c*,dk,τk,vk), B can verify misdeed in the following manner:
If k < l, B can be inferred that Sk+1Attempting the payment that twice storage is identical, therefore he will refuse Sk+1Request;
If k > l, B can be inferred that Sl+1It is a dual disburser, because in this case, it is meant that same payment is both by Sl+1Cash, transferred the possession of by it again, utilize Al+1And al+1Information, B can calculate Sl+1Accounts information:
2. payment system according to claim 1, it is characterised in that the public information consulted in described step (3) is c*。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310272889.4A CN103295131B (en) | 2013-07-01 | 2013-07-01 | A kind of conditional electronic payment system possessing transferability |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310272889.4A CN103295131B (en) | 2013-07-01 | 2013-07-01 | A kind of conditional electronic payment system possessing transferability |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103295131A CN103295131A (en) | 2013-09-11 |
CN103295131B true CN103295131B (en) | 2016-06-29 |
Family
ID=49095947
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310272889.4A Active CN103295131B (en) | 2013-07-01 | 2013-07-01 | A kind of conditional electronic payment system possessing transferability |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103295131B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104850984B (en) * | 2014-05-13 | 2018-04-06 | 电子科技大学 | The method for safe operation that a kind of off-line cash is paid |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5524073A (en) * | 1992-11-17 | 1996-06-04 | Stambler; Leon | Secure transaction system and method utilized therein |
CN1741057A (en) * | 2004-08-23 | 2006-03-01 | 祁勇 | Payment method and system based on authorization and control mechanism |
CN103180868A (en) * | 2010-08-25 | 2013-06-26 | 美国凯士伊克斯格公司 | Authorization of cash delivery |
-
2013
- 2013-07-01 CN CN201310272889.4A patent/CN103295131B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5524073A (en) * | 1992-11-17 | 1996-06-04 | Stambler; Leon | Secure transaction system and method utilized therein |
CN1741057A (en) * | 2004-08-23 | 2006-03-01 | 祁勇 | Payment method and system based on authorization and control mechanism |
CN103180868A (en) * | 2010-08-25 | 2013-06-26 | 美国凯士伊克斯格公司 | Authorization of cash delivery |
Non-Patent Citations (1)
Title |
---|
一种可转移的离线电子现金方案;刘义春,胡玉平;《计算机工程》;20120920;第38卷(第18期);第116-119页 * |
Also Published As
Publication number | Publication date |
---|---|
CN103295131A (en) | 2013-09-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108885761B (en) | Method for secure point-to-point communication on a blockchain | |
Chaum et al. | How to issue a central bank digital currency | |
CN108389047B (en) | Method for trading between parent chain and child chain in block chain and block chain network | |
Tian et al. | Enabling cross-chain transactions: A decentralized cryptocurrency exchange protocol | |
CN107784580B (en) | Public and private key pair-based derived centerless digital currency transaction method | |
JP2022095918A (en) | Tokenizing method and system for executing exchange on block chain | |
CN110333948A (en) | Virtual resource allocation method and apparatus based on block chain | |
CN107369010A (en) | A kind of creation method of the stored value card based on block chain | |
CN107133872A (en) | Block chain information brings platform together | |
KR20000014231A (en) | Off-line electronic transaction system and electronic commercial transaction method using the same | |
CN109493053A (en) | A kind of anonymous deal method for alliance's block catenary system | |
TW200820108A (en) | Method for automatically validating a transaction, electronic payment system and computer program | |
CN107533700A (en) | Verify electronic transaction | |
CN110009318A (en) | A kind of digital cash method for tracing based on door sieve coin | |
CN112801649B (en) | Flow statistical system, method and device based on block chain | |
CN108510252A (en) | A kind of intelligent electric automobile power grid security payment system and method based on block chain | |
US6105862A (en) | Method for performing a double-signature secure electronic transaction | |
Ekbote et al. | Blockchain based remittances and mining using CUDA | |
CN103295131B (en) | A kind of conditional electronic payment system possessing transferability | |
CN102129653A (en) | Electronic commerce auditing method based on auditing logic unit | |
Guo et al. | A bike sharing system based on Blockchain platform | |
Van Hee et al. | A new digital currency system | |
CN108090751A (en) | Electronic cash system | |
CN111523892B (en) | Block chain cross-chain transaction method and device | |
KR20200087418A (en) | System for security enforced crypto currency based on block chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |